Audit - Internal control Flashcards
How can you define Internal control ?
The process designed⇒ implemented ⇒ maintained by management to provide
reasonable assurance about the reliability of financial reporting, effectiveness of operations and compliance with laws and regulations
What is the objectives of Internal control ?
1- Reliability of financial reporting
2- Compliance with laws and regulations
3- Effectiveness and efficiency of operations
Steps of the auditor’s work on Internal control ?
1- Documenting / evaluating : collect data ( Narratives, flowcharts, questionnaires)
2- Testing of controls : performed to verify Design and implementation
3- Report internal control weaknesses to management
4 - Decide the extent of Substantive testing
What are the drawbacks of each type of documenting data over internal control ?
Narratives : might be insufficient in complex processes such as sales
Flowcharts : helps spot missing controls but an amendment may require drawing the whole chart
Questionnaire : easy to overstate the level of certain controls, questions should be well tailored to avoid misunderstanding risks
What are the components of the internal control
1- Control activities 2- Risk assessment 3- information system and communication 4- Monitoring 5 - Control environment
1 - Control activities refers to …… used to … Internal control in order to
Control activities refers to policies and standards used to implement Internal control in order to mitigate risks
2 - Risk assessment : auditor should …
1- understand the process of the company
2- identify and asses ROMM in financial reporting
3- and then evaluate whether there is a deficiency in the risk assessment process of the internal auditor
3 - Information system and communication
auditor should understand how …
- Transactions are recorded, corrected and transferred to GL and reported in FS
- How the client communicates, financial reporting matters
4 - Monitoring
verify is there an effective …
- an effective internal control
- should be reviewed over time on an ongoing basis or in a separate periods
- report deficiencies to appropriate leadership
5 - Control environment refers to the … and … of the organization and actions
The tone and attitude, it includes actions of TCWG : ( PHRASED)
If internal control is poor and a company’s accounting practices are sloppy, which risk is higher?
Control risk increases with poor internal controls and sloppy accounting practices.
If internal control is poor, what is the effect on the audit?
Auditor will need to perform more testing and dig deeper into accounts in order to arrive at an opinion regarding the financial statements.
What does internal control provide reasonable assurance for?
Internal control provides reasonable assurance that:
- Material misstatements will be prevented
- Reliability/integrity of financial statements will be preserved
- Assets are protected against misuse
What is required in an examination of internal control under Sarbanes-Oxley?
CEO/CFO must disclose internal control deficiencies.
Management must provide assessment of internal control.
Management must certify financial statements.
What is the relationship between internal control and substantive testing?
Inverse Relationship
Stronger Internal Controls = Less Testing Needed
Weaker Internal Controls = More Testing Needed
What are the three objectives of internal control?
The objectives of internal control are:
Reliability of financial reporting
Operational efficiency/effectiveness
Compliance with laws and regulations
What is the purpose for a Control Environment assessment?
A Control Environment assessment sets tone for the entire company.
What are the components of the Control Environment?
The components of Control Environment are:
Integrity/Ethics of Management Competence of Management Organizational Structure Human Resource Policies Assignment of Authority/Responsibility Management's Style (riskier with a dominant/aggressive individual) Board/Audit Committee involvement
What does an auditor’s assessment of Detection Risk determine?
Detection Risk determines nature, timing, and extent of audit procedures.
What determines the acceptable level of Detection Risk?
Risk of material misstatement determines acceptable level of Detection Risk.
What situations or circumstances could increase the risk of material misstatement?
Rapid growth in the company Major changes to Operations Personnel IT Systems Products Corporate organization Foreign operations
What happens when Control Risk is assessed to be at the maximum level?
No Internal Control testing is performed.
All audit procedures are increased in intensity to compensate for increased risk.
What happens when Control Risk is below the maximum level?
Auditor tests Internal Controls.
Auditor evaluates Control Risk based on tests.
Auditor adjusts substantive tests accordingly.
Weaker Internal Control - More substantive tests
Stronger Internal Control - Less substantive tests
Describe some common examples of Control Activities.
Control Activities include:
Performance Reviews
Information Processing
Physical Controls
Segregation of Duties